I created a maintenance system for LFS that allows me to install specific configurations in what I Debug/Development/Production. "Production" only has strictly necessary software (compiler not being one of them) I can actually instantiate a full blown-fully functional LFS box in about 20 minutes. And I can upgrade packages! :) And yes, compilers are bad... ET Eric Shubert writes: > On 07/22/2012 04:04 AM, kitepilot@kitepilot.com wrote: >> Hello World: >> I run my firewall on a LFS box. >> Everything on it is compiled from source. >> No bells and whistles, only the essential software is installed. >> The hardware is 64 bits but I've been running 32 bit OS. >> This time around I am wondering... >> The question is: >> Is there any advantage to compiling the whole iptables enchilada in 64 >> bits? >> Should it be avoided? >> Please note that the 'normal' rules like 'more than 4GB and/or >> 32-bit-adobe' do not apply here, what I am looking for is whether >> filtering/marking will be faster/slower and (if known) why. >> Any ideas? >> Tnx >> ET > > I trust Joseph's answers to just about everything, including this. > > On a side note, I'd like to point out that having a compiler on a security > device such as a firewall (or any linux host for that matter) is a bit of > a security risk, as some malware relies on being able to compile the code > on the compromised host. So if your intention by using LFS is to make your > firewall more secure, you might be coming up short if you're building the > software on the firewall host itself. Personally, I use IPCop, which is > (also) LFS based. > > -- > -Eric 'shubes' > > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss